macOS 10.14 Safari and custom URL redirects
We use a custom domain for our help page, which redirects to the specific tenderapp.com URL that is used once you arrive to the page. As far as I can tell, we have all of the DNS settings correct, and indeed this setup has worked flawlessly for years.
But now we have problems with the most recent version of Safari, shipped with macOS 10.14. The problem can be demonstrated thus:
- Visit an example.tenderapp.com page that has a custom domain set up for it, and log in.
- You should be able to get around within the site with no problems. Cookies are set correctly. Navigate to the Dashboard.
-
Modify the URL so that it is now
http://custom.domain.com/help/dashboard/discussionsand press Return to visit.At this point you will appear logged out. You will not be, the cookies will still be intact and you will be able to manually browse to the dashboard if you go via the "Support home" link.
Where this is of greatest impact is in the links embedded into every email that is sent out as notification. The URLs use the custom domain of course, meaning every link you click on in an email that loads in Safari ends up in this condition where you appeared logged out.
Attempted Fixes:
- If one modifies the URL from the email to use the example.tenderapp.com address directly, then they passed straight through. Good as a temporary workaround, but not for customers.
- I have tried disabling the cross-site tracking checkbox in Safari's Privacy preference pane to no effect.
Given that any email template including the {{url}} token will trigger this problem for Safari users, it will have some impact on users, not just us internally.
Discussions are closed to public comments.
If you need help with Tender please
start a new discussion.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Courtenay on 24 Oct, 2018 11:37 PM
setting cookies across domains has always been imposible, that's why we use a special link that contains the auth information to transfer around domains. it's possible your SSL settings are funky? How is your SSL set up?
2 Posted by ioa on 25 Oct, 2018 11:40 AM
For the redirect to .tenderapp.com itself there is no SSL, the links are
generated as http://, is that the problem do you think? It seems a bit
of an odd one if that is the case, if it only impacts one browser on the
client side.
As for how we have SSL set up on the main site domain, it's just cookie
cutter stuff, bought and maintained through the host.
3 Posted by ioa on 08 Nov, 2018 06:50 PM
We are still getting this issue with Safari. Any clues on what might be the cause?
4 Posted by ioa on 27 Nov, 2018 05:07 PM
Since there appears to be no solution or explanation forthcoming, we've decided to stop using the cosmetic URL feature. Please feel free to close this.
brandi closed this discussion on 28 Nov, 2018 02:28 PM.